Description

(This issue report is written based on revision 11044 of the standard trunk. For background information, please see this discussion on the ZF-MVC mailing list.)

Zend_Form provides validation and filtering to help developers ensure that user-contributed data is acceptable prior to using it in an application. Developers can use Zend_Form::isValid($values) to determine if the data is usable; if it's not, they can then avoid making changes on the server that shouldn't have been made.

As a consequence of this use, the validation and filtering processes in Zend_Form should never make any changes on the server themselves. Calling isValid() on the form object or any of its children should simply analyze the value and return the result. It is then up to the developer what to do with the value.

Zend_Form_Element_File, however, does make a change on the server during the validation process: if the form element successfully validates, its file is moved to its assigned permanent destination on the server. (More accurately, I think this file-moving process happens in the validation process of Zend_File_Transfer, which is used internally by Zend_Form_Element_File.)

This becomes a problem in forms that handle both file uploads and other kinds of data. Consider, for instance, a form with two elements: a text element called "title" and a file element called "file." The controller is set up such that, when the form is valid, the "title" and the filename of the submitted "file" get stored in a database table, while the "file" itself is stored somewhere in the filesystem.

Given the current behavior of Zend_Form_Element_File...if the "title" element is not valid but the "file" element is, the file gets stored in the filesystem, but the title and filename do not get stored in the database. Ideally, the file shouldn't be stored either, as it's not properly associated with the rest of its data.

Again, please see this discussion on ZF-MVC for more background information on this issue; Mr. Weier-O'Phinney mentioned a few potential difficulties there that would need to be considered in any solution to this problem.

Comments

Posted by Thomas Weidner (thomas) on 2008-08-28T11:26:59.000+0000

Just for clarification:

Zend_File_Transfer moved the file when the receive() method is called.
The file will not be moved when isValid() is called.

Posted by Thomas Weidner (thomas) on 2008-08-28T11:48:10.000+0000

My intention for a good solution would be to just validate the file upload when processing isValid().
Only when the whole form is valid, the receive() method should be called and performed.

We will look over this after the release of 1.6.0

Posted by Thomas Weidner (thomas) on 2008-09-13T14:52:12.000+0000

Implemented with r11391

Posted by Wil Sinclair (wil) on 2008-11-13T14:10:29.000+0000

Changing issues in preparation for the 1.7.0 release.

Posted by etaty (etaty) on 2011-07-20T09:20:55.000+0000

"Only when the whole form is valid, the receive() method should be called and performed."
zf 1.11.5 don't do that... so I will open a bug.